/r/technology is a place to share and discuss the latest developments, happenings and curiosities in the world of technology; a broad spectrum of conversation as to the innovations, aspirations, applications and machinations that define our age and shape our future.


One of the more interesting uses was during WWII. The Allies broke the German cryptography early in the war, so we knew most of their plans well before they could act upon them. That was obviously a huge benefit, so it was crucial that they never know we broke the codes.

To hide that, the Allies would do things like send out "spies" whose job was not to actually gain information, but just to plant evidence that they had been there. Then when the Allies attacked, the "spy" would get the blame, not the broken cryptography.

The book Cryptonomicon is a fictionalized telling of the story, and the movie The Man Who Never Was deals with the same basic tactic (though with a slightly different goal).

Just gonna jump in here and say that, regardless of anyone's interest in the particular topic at hand, if you have *any* interest in technology in general (particularly hacking/computers), books, dramatized war scenes, gritty dialogue, and subtle nerd-puns, read this fucking book. It is amongst the best I have ever read, and the title & sheer size of it alone will add quite a bit of mystique and grandeur to your bookshelf, not to mention the geek cred.

Nope. Basically. They first find incriminating evidence, but the manner it was found in is illegal. They can't take the person to court, since the evidence will immediately be thrown out. So, they then have to find the incriminating evidence again, but legally. Then after that they go to court with that evidence and never mention the initial evidence.

The Stingray is a good example of how this is used in practice. Perform illegal wiretapping then just happen to be at the right place at the right time like serving a warrant for something unrelated and "discovering" the cache of drugs or guns

Basically how they found the silk road guy. They ended up backtracking after finding him, seeing he made posts on a message board about it, and THAT was entered as how the investigation into him began.

An example of parallel construction would be if a cop performed illegal surveillance with a stingray that detailed a meth lab in a home. They would then go back and try to reproduce steps that would lead them to meth again, but this time in a legal manner.

More like "a previously reliable anonymous informant told us this was a drug house and provided us with specific verifiable facts about the people in the house, the cars they drove, and the times shipments would be received. We independently verified those facts through conventional surveillance. And then applied for a warrant."

Easy way I was thinking is remember the scene in Se7en when Somerset and Mills are investigating the 7 deadly sins killings. They use Somerset's contacts at the FBI to figure out who it is, and they illegally enter his apartment and find that guy in the bed with the pinetree air fresheners on the ceiling. Then they pay off a street person to testify that she saw John Doe going out and being all suspicious so they could further investigate the apartment with the help of the police department.

using illegal means, the tyrants in DOJ hack into the phone of a suspect who is selling drugs to find where he is going (let's say email/text etc).

now obviously they can't go busting down the door for no reason, nor can they get a warrant to go bust his door down and arrest him.

so what will they do? they will set up a random "drunk checkpoint" and then use that as means to check and find drugs.

or better yet, an "anonymous" source. and they grab the guy.

let's look at that anon source "A" a bit...maybe he was also a victim of hacking from DOJ, because of the wide web they can sew, they know "A" is associated with our suspect...but in order to turn him CI, the DOJ can blackmail ask if his wife/gf knew about the affair he is having. since DOJ have good evidence (hacked) about it.

you can see where this leads hopefully.

note, the 2 other things are pretty "legal" in the sense chances are when caught red handed, you are likely going to take a plea deal, rather than try your luck.

Emphasis on the quotation marks. The point of parallel construction is that the court thinks that they got all evidence by legal, warranted means, but in reality it's clearly "fruit of the tainted tree"

Does it matter if it currently is?
How long until an "inter-agency initiative" to protect the children and end child exploitation sets a precedent for the admission of evidence gathered by blanket surveillance?

Well a lot of what the CIA does isn't legal in the US. It's pretty funny there is so much condemnation of other states and their practices, like Americans complaining about Russia or North Korea but then the US has done a lot of things and either the public have never found out or has found out and the majority of the population don't give a shit. Giving guns to various groups that eventually use them on American soldiers, killing off other world leaders and even a glaring one in the invasion of Iraq are all swept under the carpet but in truth at international level the opinion of the US is going to shit and they are lucky that we will never know of all the shit the CIA has done in the name of "national security".

I have said it many many times here on reddit: independent authorities are like cancer. Once they pop up they can only grow.
What's the point of fighting for the separation of powers if one then creates an agency that sits above the law, the judiciary and the government? On paper that's not the case but reality shows otherwise in almost every country where such entities exist.

Side little rant though, do the US think they are improving their standing by bombing other countries? Like terrorism is fucking awful but do you think they are bombing places and causing issues just for fun? There is a hurt party and it was mostly not the US or UK, it was a bunch of people getting bombed every day of the week, people who were invaded by a bunch of foreign powers because they had oil. Iraq was and still is one of the biggest points of contention ever. It really was an illegal war the US got away with and it radicalized loads of people in the region and destabilized the region which allowed for the formation of ISIS. The US fucked up and allowed their president to invade a country just because his father couldn't finish the job a few years before. There were no weapons, just a fucking prick in the US who wanted a war and got it. Fuck it's common knowledge that the Bush family has ties to arms companies and they and a few of their friends got some nice fat stacks from causing trouble in the middle east.

I don't think anyone really can sincerely defend any of the military action we've taken in the last 20 years, but they pretend to because it's better than saying "we did it because the defense lobby basically controls our foreign policy"

Just to tack on. There is the five eyes. Our government is not allowed to spy on us, they do, but it is not illegal to pay for intelligence another country gathered on us.

The five eyes, is a completely public program when 5 separate countries agreed to spy on the other 4 nations with their top equipment and share that data with the other countries.

Edit: googled it for you. And they don't touch our domestic program. If you have a smart phone or smart tv, odds are your day to day conversations inside your home have been recorded and are transcribed to text on a cloud server housed by the CIA or NSA.

In addition, they have the ability to record from our tvs and smart phones. My guess is that data is stored highly compressed on a cloud server as well. http://i.imgur.com/9HnLnNH.jpg

I work with these speech to text programs. Not Dragon, the high-end corporate ones. Let me assure you that while they are impressive, they're not sophisticated enough to really usher in the Orwellian nightmare yet. I'd say it'll be another 5 to 10 years before the NSA or anyone else can really use this data in a scary way. Right now there's some poor grunt digging through millions of clips of audio trying to make sure the tape really says "bomb" and not "long," "Obama," "blonde," etc. THEN trying to write rules to identify sarcasm/humor vs a true threat. My God, that job must be a nightmare.

Text to speech is the other direction. We're talking about speech to text. And yes, the speech to text tools that exist are effective, or I wouldn't have a job. Amazon's Alexa is a solid example of effective speech analytics technology. But existing technology is not at the point that most people imagine when they picture the spooky NSA spy facility monitoring all of your phone calls.

Most speech to text software that exists today has a hard time separating out multiple people who are speaking, capturing what's said with a lot of background noise or over-talking, accounting for variant accents, distinguishing between similar-sounding words or phrases, etc. These are barriers that stand in the way of a true panopticon.

You can do a great deal with the speech analytics software that's currently out there. You can't do everything yet. But the tech is evolving rapidly, and as I said, within 5 to 10 years I anticipate the NSA will be able to do everything people imagine they can do already.

You're not wrong, but that's one very specific type of task. It happens to be the thing speech analytics is best at, identifying keywords.

And even in that example it isn't very accurate. My google voice turns on all the time when it's not supposed to, probably because it's built to err on the side of false positives over false negatives.

If I were any private company or organization I would IMMEDIATELY stop using hosting by other platforms, AWS, GoDaddy, etc.

The only way to secure your data is to know you have physical control over it and can wipe it and destroy it at any second.

Third party companies like Amazon with AWS, have already publicly said they have given up private user data when agencies have asked for it. So they are not willing to protect you like you would protect yourself.

My manager warned us not to bring any work-related asset (pc, smartphone) if we ever want to visit the USA or other non-EU regions for privacy policies.

I know of a consultant who basically has to wipe his HDD, fly into the US and after he gets into the hotel and with the company VPN he can download the backup from the company cloud. we do have lots of sensitive customers and clients data but he said in the US they have a lot of issue still ongoing idk

Yeaaa. I'd take even more precautions than that. If history has told us anything, it's that for every bad thing you know about the govt, there's a whole monstrous iceberg of much worse that you'll never see.

It doesn't matter. If they are physically in the US when hacking a datacenter in Europe, US laws apply. The EU might see it as a cyber attack, but it's not really a matter of privacy laws anymore. This is no longer a civil matter, but a diplomatic one. Perhaps it can be compared to the US boarding another nation's vessels; laws are hardly relevant at that point.

This is an interesting digital sovereignty case though, and I'm interested to see how the EU responds to this.

This doesn't make sense to me. Even if the people doing the hacking were in the US the targets of the hacking would still be in the EU. Surely the jurisdictional issue is more complex than "nuh-uh, my government says I can so you can't do anything".

I'm not even saying you're necessarily wrong, but if you're right then those laws are hilariously damn backwards.

It is illegal in the target country, but the target country can't prove who the hackers are. They send a request to the US government to figure out who was using the IP address the hacking was coming from, and the US government says "we'll look into it... welp we didn't find anything, sorry."

Even if they COULD prove who the hackers are, they send an extradition request to the US for laws broken in their country, and the US says "sorry, no can do, we don't extradite for that!". And the foreign country can't exactly send their police into the US to arrest someone without starting a war.

The fact that this sounds perfectly plausible scares and depresses me.

On one hand thank you for breaking down the logic for me. On the other hand I think I'll return to my little bubble now, where the idea of the US openly committing cyber-crime against the EU is considered laughable.

Well they wouldn't be breaking laws but breaking EU law even without being in the EU still would be massively frowned upon. There are a few options though, or stops cooperating with the US on other issues. Other than that and I'm surprised this hasn't happened yet but limiting EU services to EU IP addresses. They can spoof it but cutting off access over the sea might eventually be an option if the US doesn't respect laws internationally. Most services available in Europe have servers here so it wouldn't be a big deal to cut the cord.

US based companies can either get kicked out of EU or move their shit to EU. And honestly, being in the EU seems like the better, or maybe less shitty, option. I don't know enough about EU surveillance to compare.

Well, the big surveillance excuse in the US a few years ago was that they were only looking at international traffic.

So US companies putting their data centers in the EU means the US can justify surveillance using that excuse, as well as get other data through the various intelligence partner agreements (5 eyes etc).

Hacking EU held data will likely not violate US law in a way that it can be taken to court, and the National Security Letter (Patriot act gag order/warrant combo) could still be used with the cooperation of the FISA court (which rarely turns down requests).

This is interesting to me. Does the American government and populace really take their close connection to the EU so much for granted that they assume they can do anything without retaliation?

Do they not realize how severely they could get their economy fucked if the EU decided to boycott the US?

Do they not realize how fucked they (and the world) would be if they push the EU into the arms of Putin?

Do they not realize that in a world full of nations that would love nothing more than to destroy the US and take over as the new hegemon of the world that they really want to remain good friends with the one world power that doesn't want to see them destroyed?

I mean I want the US and the EU to remain friendly, but you can only really remain friends for as long as you treat each other like friends.

You know the saying "it's easier to ask forgiveness than permission." means the ethically disinclined in government have been doing it already for decades and now they want to legalize their illegal activities.

It also should make us wonder whether they already have permission to access any datacenter in the US.

Well, this isn't gonna work for a five-year-old but hopefully it'll make some sense. It probably helps to understand the facts of the case rather than the scare tactic headline that makes it sound like the U.S. is hacking foreign data servers without a company or country's consent or permission (they probably are, but, separate issue).

The DOJ had a warrant for a certain Microsoft email address. Now, I'm a lawyer. It's not a controversial idea that the government in many situations can compel you to turn over documents that are in your "possession, custody or control." This happens in both the criminal and non-criminal context (for instance, an SEC investigation can require a company to produce documents a company has in their possession, custody or control). Typically this wouldn't really matter where the physical "data" was located. You can't commit a crime in the U.S. and keep all the evidence on your server in Ireland and say "whoops sorry government go fuck yourself!" Because you still at least have control/custody over that data.

Anyways, Microsoft doesn't want to hand over the data, so they say that the data is actually in Ireland, in possession of Microsoft Ireland, their wholly owned subsidiary. The U.S. warrant's jurisdiction doesn't extend to Ireland, i.e. the U.S. government cannot show up in Ireland and physically retrieve the data. But the statute is unhelpfully vague as to when an entity is deemed to have possession of something. For instance, the government makes the point that a Microsoft employee in Washington could call up the data without ever leaving his desk. So is the data truly overseas? Or is it more accurate to say it doesn't really have a location, or at the least, may have multiple locations?

I used the term "possession, custody or control" which is what a lot of statutes use and a lot of government agencies use to determine when you have something. It's also what court cases use in terms of discovery. There's a lot of caselaw determining what those words mean and how they apply to complex multinational corporations with subsidiaries and data stored overseas, etc. etc. So, the statute for the warrant doesn't specifically use this language, but the statute also doesn't state that the physical location of the data matters either, in fact, it doesn't use the term data or state that the emails themselves need to be turned over, just that the company must disclose the "contents" of the email. In a case where the "possession, custody, or control," language was used, almost certainly U.S. Microsoft would be deemed to have control of the information, and probably custody as well, even if technically they don't possess it. Of course, the statute just states that the government can "require the disclosure." Like I said, unhelpfully vague.

On the one hand, I think it's entirely reasonable to say that Microsoft, the U.S. Microsoft, is entirely capable of disclosing this information - there's no doubt they could provide it voluntarily if they wanted to, and an employee in the U.S. could call it up in a few minutes. On the other, the data technically is not in the U.S.. It depends on how much stock you put in the idea that something like information has a "location." And again, the statute speaks not to location or even requiring that the company provide specific data. It's "require the disclosure..." of the "contents" of an email... so it's more stating that the government can gain access to this information - access that U.S. Microsoft certainly has and could provide.

It's basically the tricky question of whether information, as opposed to the physical 1s and 0s, has a location, and despite this thread acting like the government is a bunch of buffoons, they are making a reasonable argument to interpret a vaguely-worded statute. And the judges confronting this have all disagreed. The Second Circuit initially wrote a 1-1-1 opinion denying the government's argument. That means that the 2 people voting to deny the government agreed on the result, but not the reasoning behind it, and the judge who "concurred" wrote that even though he agreed the government couldn't require the disclosure of the data, he had "considerable" hesitation in his decision, did not think it made sense as a rational policy, and essentially blamed it on the statute's vague wording. Another judge dissented and agreed with the government. Then, the government appealed to the entire panel en banc, meaning all the judges of the Second Circuit, not just a three-judge panel, would hear the case, and the result of that was a 4-4 tie that left the original opinion in place (the only reason there being an even number due to some judges having to recuse themselves). So, it's something that very smart and intelligent people reading the nuances of the statute and considering all the factors come out to differing opinions on.

Microsoft: "However, we’d prefer to keep working alongside the DOJ and before Congress on enacting new law, as Judge Lynch suggested, that works for everyone rather than arguing about an outdated law. We think the legislative path is better for the country too."

Whenever corporations suggest writing new laws in cooperation with the government so that they "work for everyone," I wonder if we, the public, are getting the whole story.

National Laws and really our entire system of Justice just ain't ready for the internet yet.

People are mad about these decisions, but wait until Exxon moves all their servers to a private datacenter in Bumfuckistan and refuses to hand over incriminating docs because they are outside of anyone's jurisdiction.

Ireland, where a lot of these companies keep their datastores would say no. Not only does the Supreme Court of the US have no standing in Ireland they mostly can't allow widespread permission for search online other than a case by case with a warrant kind of thing. So let me be the first and probably not the last Irish person to say fuck off to the US if they want to get access to data centres here.

Which won't work, because companies in other countries do not have to listen to the legally irrelevant warrant from a judge in America. If the company had a presence in America, maybe. But all they need to do is contest the warrant. Companies have more money to throw at this than the American government does.

Edit: also I am pretty sure in Iceland you don't have to comply with warrants for data from other countries under law, need to find the source.

They don't need this and nor should it be granted to them. If they really need to search data centers for evidence, then they need to ask themselves "do we really have enough evidence to convict?" At some point you have to draw a line.

I'm a little bit confused with all the discussion here. DOJ got a warrant for communications that Microsoft had that may have shown something illegal happening. Microsoft in turn said, naw, sorry, those are kept in our foreign data center so you can't have them. What's to stop a company from storing electronic records of any illegal activity overseas then?

Every single argument the government makes in its effort for complete control is "because security". No matter what it is. The travel ban's clearly racist and xenophobic reasons are justified in the govt arguments "because security" when we all know it won't make us any safer. I'm tired of the government trying to infringe on the constitution or due process by overruling it with "because security". "because security" is becoming the "I fear for my life" magic words of the federal government.

It should be a sentence that is unlikely to be found in dictionary but easy for you to remember, and if you use special signs (some sites will allow spacebar as well) and big and small letters it will make it stronger.

So what is "American data"? Is that any characters being typed in the geographic US? What about German nationals, with a German domain name, using a German VPN, in the US?

That's one easy example, but there are thousands of those examples.

2nd, this is very US centric. Corporations that I deal with have teams of lawyers trying to figure out what happens when 2 countries have competing data sovereignty laws. What does happen when both Australia and the EU simultaneously say data can't leave their borders? Does Tinder or OKCUPID just not show you matches in the EU? Do you lose your Australian Facebook friends?

I think we're very much on the verge of developing a whole new set of global language to handle this, and it isn't as simple as anyone thinks.

Right now the industry is compliance-based. But these tech multi-nationals are about to turn into policy drivers. That's scary.

In order to operate in certain countries, companies must adhere to cross-border data restrictions. For example, to operate in Canada all financial data must stay in Canadian data centers. Cross-border data movement is heavily regulated.

This DOJ is really short-sighted in that complying could put MS in breach of foreign laws. But we don't care about that, all we care about is expanding our ability to scoop up every minor amount of data in the name of terrorism to fight things like drugs that should be treated as a mental health issue to begin with. Between the stupidity of the conservative leadership in the US and the continued over-reach of surveillance and undermining our own technology companies through NSA back-doors, it's like we're actively trying to get knocked down a peg on the world stage.